Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Voxel.sh DNS public suffixes #1014

Merged
merged 3 commits into from May 22, 2020
Merged

Add Voxel.sh DNS public suffixes #1014

merged 3 commits into from May 22, 2020

Conversation

ghost
Copy link

@ghost ghost commented Apr 11, 2020
edited by ghost
Loading

  • Description of Organization
  • Reason for PSL Inclusion
  • DNS verification via dig
  • Run Syntax Checker (make test)

Description of Organization

Organization Website: https://voxel.sh/dns/

Voxel.sh is an internet infrastructure project run by a small group of individual volunteers. I'm leading this project. We're running our own anycast DNS clusters and are currently working on an authoritative DNS service with focus on free Third Level Domains ("free subdomains") for projects or individuals who don't necessary need an own paid domain.
We're close to release and would like PSL inclusion before launch for the reasons listed below. Right now, during internal testing phase, there are only a few domains active, like my own homepage at https://mia.vxl.sh/.

I closed my previous pull request at #953 due to our project name change.

Reason for PSL Inclusion

  • All Third Level Domains are completely independent and should be protected by browsers' security features. (e.g. to prevent setting cookies on the parent domain and hostname highlighting where supported)

  • We're using HTTP Strict Transport Security (HSTS) on all domains (including subdomains and preloaded). This means that all subscribers need to obtain TLS certificates for their domains. While not the main reason for this pull request, an addition would help us acquire higher limits with ACME issuers.

  • We allow name server delegation of our Third-Level-Domains by NS record and we've learned that some DNS, hosting and proxy services validate domains using the PSL in order to prevent users from accidentally adding subdomains instead of their main domain.

  • We will not use wildcard TLS certificates on the parent domains nor will there be any content. Domains are currently set up to redirect to the project page, informing anyone interested how to obtain a subdomain in the future.

DNS Verification via dig

for domain in neko.am nyaa.am be.ax cat.ax es.ax eu.ax gg.ax mc.ax us.ax xy.ax nl.ci xx.gl app.gp blog.gt de.gt to.gt be.gy cc.hn blog.kg io.kg jp.kg tv.kg uk.kg us.kg de.ls at.md de.md jp.md to.md uwu.nu indie.porn vxl.sh ch.tc me.tc we.tc nyan.to at.vg blog.vu dev.vu me.vu
do
  echo "# dig +short TXT _psl.$domain"
  dig +short TXT _psl.$domain
  echo ""
done;

# dig +short TXT _psl.neko.am
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nyaa.am
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.be.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.cat.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.es.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.eu.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.gg.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.mc.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.us.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.xy.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nl.ci
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.xx.gl
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.app.gp
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.to.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.be.gy
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.cc.hn
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.io.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.jp.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.tv.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.uk.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.us.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.ls
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.at.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.jp.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.to.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.uwu.nu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.indie.porn
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.vxl.sh
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.ch.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.me.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.we.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nyan.to
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.at.vg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.vu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.dev.vu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.me.vu
"https://github.com/publicsuffix/list/pull/1014"

make test

============================================================================
Testsuite summary for libpsl 0.21.0
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

@ghost ghost marked this pull request as ready for review April 11, 2020 07:49
dnsguru
dnsguru reviewed May 22, 2020
View reviewed changes
Copy link
Member

@dnsguru dnsguru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Zone(s) DNS authority reviewed

# dig +short TXT _psl.neko.am
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nyaa.am
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.be.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.cat.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.es.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.eu.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.gg.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.mc.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.us.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.xy.ax
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nl.ci
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.xx.gl
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.app.gp
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.to.gt
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.be.gy
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.cc.hn
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.io.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.jp.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.tv.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.uk.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.us.kg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.ls
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.at.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.de.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.jp.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.to.md
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.uwu.nu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.indie.porn
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.vxl.sh
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.ch.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.me.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.we.tc
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.nyan.to
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.at.vg
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.blog.vu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.dev.vu
"https://github.com/publicsuffix/list/pull/1014"

# dig +short TXT _psl.me.vu
"https://github.com/publicsuffix/list/pull/1014"

@dnsguru dnsguru added the r=dnsguru Marked as approved and ready to merge by @dnsguru label May 22, 2020
@dnsguru dnsguru self-assigned this May 22, 2020
dnsguru
dnsguru approved these changes May 22, 2020
View reviewed changes
Copy link
Member

@dnsguru dnsguru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rationale clear and complete
DNS Validation complete
approval based upon compatible use and accurate submission

@dnsguru
Copy link
Member

dnsguru commented May 22, 2020

Tests Completed / Passed

@dnsguru dnsguru removed the r=dnsguru Marked as approved and ready to merge by @dnsguru label May 22, 2020
@dnsguru dnsguru merged commit f05d1f6 into publicsuffix:master May 22, 2020
@henkyyi henkyyi mentioned this pull request Jul 19, 2021
Merged
8 tasks
@vampubus vampubus mentioned this pull request Apr 16, 2023
Closed
10 tasks
@jeffrey-pinyan-cleandns jeffrey-pinyan-cleandns mentioned this pull request Jul 6, 2023
Closed
10 tasks
This was referenced Oct 2, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@dnsguru dnsguru

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@dnsguru